 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Greg Rundlett wrote: > A quick search through my KeePassX database and my login for Ubuntu > forums was cryptographically strong, and (for me) unique to that website. > *Every* login I have is unique. I have a simple tool (KeePassX) to mind > them all. And I have Dropbox to share the (encrypted) database, and I have > KeePassDroid to use the database on the road. Ditto. Except for Dropbox, which I wouldn't use due to the lack of client-side encryption and private keys. (Of course not a problem for the use case above.) It sounds like the developer of KeePassX is working on a version that is compatible with KeePass 2.0. Same effort happening over on Android, where there at lat least a couple of apps that work with KeePass files. Kent Borg wrote: > As for my portable access to passwords...phones are *the* hot target > these days...so I have a dedicated Android phone that I have never let > connect to the internet, nor have I let it see a SIM. I have it loaded > with, I think only 3 apps, just enough to do encrypted passwords, let me > sync with my Linux computer, and set the clock from GPS. And nothing more. Good idea, if 1. you have an old phone to dedicate to this, and 2. you don't mind carrying around a phone that is otherwise useless. (I suppose you might be able to make emergency calls on it.) Not exactly high marks for convenience. Something I'd like to see added to the KeePass desktop and mobile apps is support for OATH[1], the one-time authentication algorithm used by Google Authenticator. It bugs me that the Google Authenticator app doesn't have a master password, so you are entirely dependent on your phone's security to protect that factor. A password safe could use strong encryption to protect the keys used by the one-time authentication algorithm. Ideally, you'd want to have the option to have that info encrypted using a different password than the one protecting your passwords. -Tom 1. http://en.wikipedia.org/wiki/HOTP -- Tom Metro Venture Logic, Newton, MA, USA "Enterprise solutions through open source." Professional Profile: http://tmetro.venturelogic.com/
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
